CVE-2024-11022 – SICK InspectorP61x and SICK InspectorP62x are vulnerable to a replay attack
https://notcve.org/view.php?id=CVE-2024-11022
06 Dec 2024 — The authentication process to the web server uses a challenge-response procedure which includes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable to a replay attack. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-323: Reusing a Nonce, Key Pair in Encryption
CVE-2024-11075 – SICK Incoming Goods Suite privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-11075
19 Nov 2024 — A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) to escalate privileges to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration allows an attacker to gain administrative control over the whole system. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-250: Execution with Unnecessary Privileges
CVE-2024-10025 – Vulnerability in SICK CLV6xx, SICK Lector6xx and SICK RFx6xx
https://notcve.org/view.php?id=CVE-2024-10025
17 Oct 2024 — A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-798: Use of Hard-coded Credentials
CVE-2024-8751 – Vulnerability in SICK MSC800
https://notcve.org/view.php?id=CVE-2024-8751
12 Sep 2024 — A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-306: Missing Authentication for Critical Function
CVE-2023-5246
https://notcve.org/view.php?id=CVE-2023-5246
23 Oct 2023 — Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with part numbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json • CWE-287: Improper Authentication
CVE-2023-5103
https://notcve.org/view.php?id=CVE-2023-5103
09 Oct 2023 — Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2023-5102
https://notcve.org/view.php?id=CVE-2023-5102
09 Oct 2023 — Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-691: Insufficient Control Flow Management
CVE-2023-5101
https://notcve.org/view.php?id=CVE-2023-5101
09 Oct 2023 — Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-552: Files or Directories Accessible to External Parties
CVE-2023-5100
https://notcve.org/view.php?id=CVE-2023-5100
09 Oct 2023 — Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2023-43697
https://notcve.org/view.php?id=CVE-2023-43697
09 Oct 2023 — Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. • https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json • CWE-471: Modification of Assumed-Immutable Data (MAID)